ApEx 2.2.1.
My application is set up to use SSO authentication which works fine.
I have an Application Idle Timeout set up for 20 minutes. This involves a LAST_ACTIVITY_DATE column being updated in my USERS table every time a user accesses a page. This is achieved through the following PL/SQL in my Authentication Scheme's Session Verify Function:
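    BEGIN
        -- No authenticated user yet (e.g. public page): nothing to time out.
        IF HTMLDB_CUSTOM_AUTH.get_user IS NULL THEN
            RETURN TRUE;
        ELSE
            -- Still inside the idle window: record this access and continue.
            IF USERS_PACKAGE.is_session_valid THEN
                USERS_PACKAGE.set_last_activity_date;
                RETURN TRUE;
            ELSE
                -- Idle for too long: the "Session Not Valid URL" is used.
                RETURN FALSE;
            END IF;
        END IF;
    END;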
(The is_session_valid function simply returns TRUE or FALSE depending on whether the user's LAST_ACTIVITY_DATE was more or less than 20 minutes ago.)
My Authentication Scheme's "Session Not Valid URL" is set to "-PORTAL_SSO-".
This all works fine. E.g. if I leave a page of my application open in my browser for more than 20 minutes and then click a link on the page to take me to, say, page 40 I am taken directly to the SSO Login Screen. When I retype my login credentials into the SSO login page and click "Login" I am taken straight to page 40. Great.
The problem comes if, having timed out, I click a link which takes me to a different page, say page 50, which would ordinarily have a checksum at the end of the URL (as a result of Session State protection being in force for one or more items on that page).
What happens in this scenario is that I am, as expected, taken to the SSO Login Screen when I click the link to page 50 but when I retype my credentials into the SSO Login page and click "Login" I am taken to page 50 of my application but shown an error like the following:
The checksum computed on the request, clear cache, argument names, and argument values...
...did not match the checksum passed into the show procedure....
If I turn off all session state protection in my application, this solves the problem but I don't really want to have to turn it off.
Ideally what I'd like to happen would be for the user to be directed always to the first page of my application (page 10) if they have timed out, clicked any link and then re-logged in.
Any ideas/suggestions gratefully received,
(I thought the following might solve the problem but it did not work:
I created an Application Item called "PAGE_10_ACCESSED". This is set to 'Y' whenever a user accesses page 10. I then created an Application Process which runs Before Header for every page in my application and, if PAGE_10_ACCESSED is not equal to 'Y', uses OWA_UTIL.redirect_url to redirect the user to page 10.
This works if the link a user clicks having timed out is to a page without a checksum (e.g. page 40): i.e. they are forced to re-login to SSO and, when they click Login, are taken to page 40 and redirected to page 10.
However, this does not work (I am shown the same checksum error) for links which take you to a page with a checksum: the problem being that ApEx seems to check the validity of the checksum appended to the URL before it runs my Before Header redirect-to-page-10 Application Process.)
Thanks
Andy
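
An added sketch, not the poster's code, of how the two USERS_PACKAGE subprograms called by the Session Verify Function above could implement the 20-minute idle check so that it fails closed. Assumptions: the USERS table has a USERNAME column matching HTMLDB_CUSTOM_AUTH.get_user, and the package spec declares both subprograms. How LAST_ACTIVITY_DATE is refreshed after a new SSO login is not shown in the post and is not covered here.

```plsql
-- Hypothetical package body (added example). USERNAME is an assumed column;
-- LAST_ACTIVITY_DATE and the subprogram names come from the post.
CREATE OR REPLACE PACKAGE BODY users_package AS

  -- Idle limit expressed in days, the unit of Oracle DATE arithmetic.
  c_idle_limit CONSTANT NUMBER := 20 / (24 * 60);  -- 20 minutes

  FUNCTION is_session_valid RETURN BOOLEAN IS
    l_user VARCHAR2(255) := HTMLDB_CUSTOM_AUTH.get_user;
    l_last DATE;
  BEGIN
    SELECT last_activity_date
      INTO l_last
      FROM users
     WHERE username = l_user;

    -- A NULL timestamp (no recorded activity) counts as expired.
    RETURN l_last IS NOT NULL
       AND l_last > SYSDATE - c_idle_limit;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      -- No row for this user: refuse rather than let the session through.
      RETURN FALSE;
  END is_session_valid;

  PROCEDURE set_last_activity_date IS
    l_user VARCHAR2(255) := HTMLDB_CUSTOM_AUTH.get_user;
  BEGIN
    -- Slide the idle window forward on every verified page access.
    UPDATE users
       SET last_activity_date = SYSDATE
     WHERE username = l_user;
  END set_last_activity_date;

END users_package;
/
```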